Re: contrib/pgcrypto functions not IMMUTABLE?

From: Marko Kreen <marko(at)l-t(dot)ee>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Michael Fuhr <mike(at)fuhr(dot)org>, Russell Smith <mr-russ(at)pws(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: contrib/pgcrypto functions not IMMUTABLE?
Date: 2005-07-03 17:15:07
Message-ID: 20050703171507.GA25679@l-t.ee
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Jul 03, 2005 at 12:57:54PM -0400, Tom Lane wrote:
> Marko Kreen <marko(at)l-t(dot)ee> writes:
> > On Sun, Jul 03, 2005 at 12:02:38PM -0400, Tom Lane wrote:
> >> That doesn't seem like a good idea at all. Why shouldn't an encryptable
> >> value be NULL? I think you should just make 'em strict.
>
> > Well, I have mainly issues with decrypt part. I'd like
> > to say, if decrypt succeeds, whoever put the data there,
> > had the key. Existing decrypt() has a smell of it - there
> > is 1/256 chance that data modification won't be detected.
>
> And that has what to do with throwing an error on NULL input?

It is not an encrypted value so do not succeed.

> > As for the crypt() case, lets say you have a new user with
> > hashed password field NULL. In addition, you have client
> > program that compares crypt() result with hashed field
> > itself, in addition it handles NULL's as empty string.
> > Result: it is possible to login with any password.
> > Lots of assumptions but in eg. PHP case they are all filled.
>
> A NULL password field is intended to have exactly that effect, no?

I hope not.

But I think I see - throwing error on NULL goes against standard
practice and anyway NULL handling should be user responsibility,
not pgcrypto's.

Maybe I'm getting too paranoid from tracking all the error
conditions in pgp code.

Michael, the result is, you can make them all STRICT.

--
marko

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2005-07-03 17:19:24 Re: contrib/pgcrypto functions not IMMUTABLE?
Previous Message Tom Lane 2005-07-03 16:57:54 Re: contrib/pgcrypto functions not IMMUTABLE?